Estimated reading time: 3 minutes

Executive Summary

You are a US-based Company needing immediate Incident Response Services and seek to engange my Attorney to handle the Incident Management. Please contact me.

ATO BEC

An ATO BEC (Account Take Over | Business Email Compromise) of your Microsoft 365 Tenant should be conducted in the normal course of business. The alternative is being a Client with needs for immediate on-site Incident Response.

Monte Carlo Outcome

The Threat Actors often produce a Monte Carlo outcome. Typical actions are sending Emails to your Vendors and Client Base for Monetization. Modifying sensitive Files and conducting Financial Operations on behalf of the Company are to be expected. Domain Registration and Workload Submission should also be investigated.

ATO BEC Response Plan

• Retain the Breach Response Attorney (BRA)
  • Contact me for a Partner Introduction
  • Create an AAD Global Admin Account (AAD GAA) for BRA
  • Partner retains me as Agent for AAD GAA
  • Analysis begins immediately upon receipt of AAD GAA
• BRA is the Manager for the DFIR Response
  • BRA Retains the Engagement Teams
• BRA is Point of Contact for:
  • LEO’s
  • AGO’s
  • Insurance Carriers
  • Other Interested Parties
• BRA manages the Event Mitigation & Remediation
• BRA manages the Implementation of Best Practice
• BRA manages the Notification of Affected Persons
• BRA manages all Legal & Regulatory Filings

Implementations

MultiFactor Authentication

We can implement MultiFactor Authentication (MFA) and/or Phishing Resistant MFA in 1 business day using Conditional Access for your Microsoft 365 Tenant. Best Practice involves user access & authorization based on conditional access policies to bring signals together, to make decisions, and enforce policy.

Written Information Security Policy

The BRA will deliver the required Written Information Security Policy (WISP) based on the State(s) that your Client(s) reside. Sensitive informaton such as Social Security Numbers, credit and debit card numbers, and bank account information must be kept confidential and secure under law and require this written information security policy.

Notification Process

The BRA will discuss the AGO Notification Process and initiate contact with the necessary legal and regulatory authorities.

Onsite & Remote Services

Onsite & Remote Services begin upon your retention of your Breach Response Attorney. Please contact me for an introduction. The imediate goals are to ingest all Digital Forensics, conduct Incident Response and implement Best Practice while commencing the Notification Process.

We are available 7x24x365.

Related Content

• srdutil
• Introspection Claim
• Best Practice & Transparency
• SRT 24.100.3 PR42
• SRD IORegistry